mp3rocket_setup.exe

Defomi

MP3 TechSupport LLC

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application mp3rocket_setup.exe, “Defomi Setup ” by MP3 TechSupport has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from bmail.uol.com.br and multiple other hosts.
Publisher:
Segipine   (signed by MP3 TechSupport LLC)

Product:
Defomi

Description:
Defomi Setup

Version:
5.7.5.6

MD5:
e58028012f80f1a3c08f88409998e0cb

SHA-1:
646fcfef7c21e65807a1fcca40334f375ac0f4b9

SHA-256:
1ae9f8872315db634c1318c576b5825f4b98aa6430bd3395be1bc66d61cc61f6

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/5/2024 9:33:07 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore.MP3TechS.Installer (M)
16.7.14.8

File size:
1.1 MB (1,133,224 bytes)

Product version:
5.4.0

Copyright:
Wizard

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\mp3rocket_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/21/2016 3:00:00 AM

Valid to:
4/22/2017 2:59:59 AM

Subject:
CN=MP3 TechSupport LLC, O=MP3 TechSupport LLC, STREET=3051 W Maple Loop Dr Ste 201, L=Lehi, S=Utah, PostalCode=84043, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0081ECF0B90414131BF9016277516512CB

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:PliQjCteoLy/WES/koxnh6lc2Nbo5XWQSKje0LVnycr+Fk6xcJ4MkdvuICcP:PsQjror/k6h67pFGDZr+FnxbdvuInP

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file mp3rocket_setup.exe has been seen being distributed by the following 50 URLs.

http://bmail.uol.com.br/attachment?msg_id=MTUyMzY&ctype=MP3Rocket_Setup.exe&disposition=attachment&content_id=<586fda5bc854f_494315c0d706f3e4246a6@a4-winter4.mail>&folder=INBOX&attsize=1561334&content_id=<586fda5bc854f_494315c0d706f3e4246a6@a4-winter4.mail>&accountId=0

http://www.hostflashconcepts.com/5MmYC35TckFfV5A5qBq_0ZhXIcaXNnPFMYqe4hnXw1RWbSD tqLL2ZPZJbOuL9B OTJXUInkT54R8oFQVZFIut2fJTE8O_VWbGkcZTxoPT q9iXQ2H9OtfLJmahYM cTnFI0v375 6hywDD9uHY8gC2IjcybyeAah5opXNS9izowiBQqExM=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/BjH7JEZvG3acEtcX5U6TiQuvrbpxIJs n_jkO1naIJbKF4FMn_SSPE5241Caz f4wHl3Pg kG2L14nLLOh_qSKDpySA5jhwi_KjyMVkkC9uFjZF4mGvSN4uyfIur4uxC9JwUiSGyv0ua6961cMSqvs srb O 1ygw3qXXFMhu2ou225WKR0=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/v2u2HxXsMAWM7kW0VQttHhAUHco2MfoFkIjd5NyNFXIjbQi56D3YAxha0a0JCMLAoxL3oC WsNO9I52ON17YzrmK_QDcOSOEpTBhriAZKinpeYU3VOqRszAiXTzgGQwczkTarqHw1DRiOuPZpur4vK8CQwHBu5Ck33gYczGxfhmvts713tQ=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/8DnBYrrs3XL_OPBfXaYZiXLnRkSOi9 ggNe2vCOGA6o1Jk0a3NZTRUyuOz6xEc0jFNDRlJRSLozxldCBi NW6A7b6P7X31Sb0qGX206LjySTHHRc8PKUQ8DTtAF1LVHztW3WSCFiNjYPpLIofP7RBd6Jx_eGqML37 IrY6RaqmLrpDbFTqk=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/YF2ohLVzWHCk60VoVXHFKkh5CKNqXy4yL07ZjSZeoHAayDUPiycCWb_YQpJd1DazMT0PeITmo6LI1sb9EQpErwQ_8xcMylyYyrKhJ5M sNjIwcPAT0aB5asx x1y6PyNGyOp2EZcEAF2lgCrD8zVhGSHvcnf6ziAeEndgzM4LPlwWTrdCiE=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/fjGjFXLp oS27QgAh971DXuFjLHjgdA 1TchR_9mgi1eJwiCEqNgRAHGwP6ZLExnXRAqtPrponbOVAP8bIPsQy7Qgyn_Sv0GUE10qXRtruL8LB6QaGFkGYtyePA6wxJtX YBUQeyjQhEdVQoLxIMuxhFDcO_umQY90kBlmZyx0CvtHCCoaQ=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/FMXJm 6CcjTWwKSXl5k5hw1m1k2WuusKW0CYZm57WKCkd7DPYkKCKA4UFUIeZ7DimSlZS5T4QbOsWuhSAIPz6xODrnHbFO5aS1WKsYK92azu78it1erudgLIbDgNDfLjgiR0ZcrrHc7B W2AvGbGB28Y15vuAdXaUnHoCFhrV89uoKVxIWk=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/K5VoaPTSn6Nc24jwdbbrxkpWfCDBSF1OCnqN YvzXhb9zjwMdMKOQnYcpKsxI4b8NHUG5xBFbl3yBlEnY9lpkinVP7MMVLAmC0Z k0V2LvzCOPROW7UflfbxqRKLrsziOqE4ygCEkdlB1j WghUELmB3fj1E7idSDv6i1PSRbAd0gtYVcH8=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/nUEwAOsWbj8pOdrgA2mVgwltlH5f9URZ 8_nzhA9VFxy YFx3_8r69uTertn6IUR9Mglw5VYSQbCPI1zFHFVzspFIzFMzEYyzy2ekkzBpEXN7ABqaTTrENdUYSUYby9nrOP4MrTn Jbood6PLxhs7qubE6ccCQ==-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/RdW8rHl_U6lx_JaAuy50j0U0NwHmjd PuDgZ2r2VVpxXA 0rqu1burtFVItLzYjbIGxbgQv0Z5WBEfIe0YxnYBy0h4MlgGZXWmtFmL8jNE1fcMBhMi06L6sKC9w6zx1EsrVm6lYpbyWgHv4oJvlsyKWjG4AT4Q==-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/zk9YW7ej5MIAJJnA4Sfm_h9rGmIxmFURvg4hDRhkXUKoPEzMYBf5FVVlkYqY V6qqhFU4p5QowPF1razSXzy4TT_DPpghcx19feXZ g8vw2I9LloEVXj_nl9Cip _G2xTyEV7Gi6 WY15hW5COOXibOq6uqq7NHQdVi8P4iEYkVt91e vcU=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/_tVbgq1ggscim8tMuZRNm_1k3ZD6YN5J8m8S38yvAWhppwuJ79eOttM8N8SO3EXeLuzFwmd3hJLhu0GYizLLVUrosZHRG3yDJgE2fJl9XQMISzs zRS10EiUALljTiHX5IwtkONbXPr2sZIu65syShBpXY3YVIaLTJPRvnuYKiV4a9jPgEk=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/MGpi7UsdU7vaNx2wuHIkOFiJTYZtojq5nq9IPBIjLua2tr8S3nRxBbMyjTvJVGGx0rVfJZromZ7XqKDXFmcNx PvLRvQ0Gc93ObPFboz tBQPerYt12bG5XYbn_JcWaMZyFhCMKXulIzBHbprCiVfqeqSYGmYK3kDaijH8ph4vBJI8f59Yw=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/mX8l8CuN U ZNXQQ6oI5dEC2PNmuwyIie3p9wLU BSLmpQnvQ8jbDaRNk8Uy8DSM55CVXtfuiyytRJOKlIupVUOf5Xot4kVgeaWeP8V9DwwHPqSNoKjYqrnB7uzcbHmd FE5PIl 3xXbPfboLRojMjhgKMfjfvrZXZGecZogO38TzkgOC30=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/8yOyQkYjNR7FL2FbfVPeV5cR5wTChbtXDjGcZEedL101DwKUPBCxfMHxG0weguKVmGnqyvos6Au3MgSOKHPWAi01awaph5_SBAV77MfWS9CZavEj0L7PXhXwEmzZlVxkO5qNTOFHpr52 E_tZkuJGDubdh24eD4yaIpXmqrZPu_izlhR4bc=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/Va0BHLJVpc4dMFhy0lEplSiF6o69AAAoWR3yZtGb1nQfItE3Cngq2xY5oYKfl1wotENP9RR0dAoMVAcmu467TPbfMwLw7 b8sfiux3de14u5LgxhQ5bNBW19E7N PSZSvc4pvIWrOzPlMFfLuYBdz58NlTHIAl6RwKdIFnNpghUuKHnznkc=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/YkZWe5Ar9Jj05HuYtx3BTW_ iz_YgV4Bt zJUqReUkSZQJcxfZdQWFfFldPM1Suuor Ip6i0YJB4y6ViJEfo5jYdtZLk5uaGCew52mtDMG4qAMNeiCgip64qxbS2RZnc2BYrNxv0lGY_KUulM4oB5ne2oVr2sjKGFscQNiBW_GMTwAB3Ylg=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/YCsvPMzXP8IvGFfGzrJEg8MC2pn BgiNUAadlj25C3jrn0IeBRbgIJsRSzZdobmA3Jd2cq_cWRwW3LeZk9u5Gb7_3rxK1zCepp7owb_dfivHJWw_8KtfeubQlcxHVYhoo6_wcKH7Ikq5AzMJOyMcPDKznEg8YcxI9yHX7CdSVVgE8w cByo=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/cPBJsMopyEoCZovQEC2BifwON5iabQIZ8_UqXix6X0888CpN4OEDtdeTtyK4MOjBcA6lLoM32LH8PDIUMUdtHHG8Q3atS7pE2rro9XlDs_ 9xJyB3Gl7theJBq3hGtVWiGFYkeN oSxLEStSbnlgoV5MQd8qBDYjYc8YCinOAG11sjUGrkw=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/tKnbfRvmkBtBhqJ2He3_2WCLzuVWecRQHOeBP_xJ2G4pRYtSAmU2qPhUpfMjBBPKUxydJiakbAm472ObwZgNm9SKoj XELMJTwcmg4sCZj7opBbpso4pCnMC4r0fykqkkkNbC3HaRn1CuXax0LkfOF57 UUbHdNUjYHnx1bYaDwtkVj2P70=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/GJLmL9n3xVufK05SFeYBRH056Eh7UgMbVuKKy0Wwjzy23JUXwSBtUegnc1bw72gVIkQfXEtqE1JDS9EFujapoSp_i_RULzY3YpHQIwT1nHFbbsVkPgJ7DB1vIrN1qTer yVKRbNwQ6KZ6bc_x9jfLXIH8LLf w_D4_o3uuCDq0fFLbZQmIk=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/b3yIQeasSMU4r qWuBMdzfVZnbRxqAYnXkMaftj3tq3tfmVcHKmDxPblPVP8L6h5xexp4GQdcgqTPjUXG2bE5zov5QqgUdTiv8 _LVURrVZakPtGcTe6V7vpagOe8PEMG__3z0tdZB8Pj4KDozmFhSn5HEG7TgF7PpoSqPqWN1_xXfNG4AA=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/W8Dflz36GcoaaDvA 80FX_5P51wzXErObqR XXYxcaa4TtmWao0LXtfcXR_lA9K_ZXsbx1U0j0BufTEnk_gj6nYpmo7hadPhzubewfZN89GMf6lrn1MoUojK8k_ovo0vEEROeYlhkDSjeW22r1s6Pd0KwxjS0hmKBghZPjYBUlUf2yoL3aw=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/gmfyLr4clYunf0xZ5u3ejevVamb1UYAMN2nTq2FEOb17S1RCii JbZgd4GVv9nxmYoYo1ZGeBAzwyTm8bIkzfzYX6DdKQRHWTrTpyY62WZqyUSJRtRtUoJUIOaO8fL1n_TZWdLVncibQ7IKUA6QXPllvl04Msw==-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/jQBTT7ejLRGfLeLO8vsdHf3uJ0dnq2O9GqVoNiNgZL8pfHq3Gp4D2RQG6RYiYUQcUwmXXQQHcEILqpx1xqBB3_BmWtCg6R3hoNY1DwjmAUnIFhLsx8lk_46yCt9ngPrVyCpyaFaLmw4BMkalUkf03sksaTNvfg==-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/0heSyAnnLDJc62c0JiSceAO2sV0VnOwrnDThRWrGW38WLqMJRx1rAZDHIna8tconwL4btCytHh96zO DC9J18IP04I0tGy fUS0OSAKqs7k0wPb_67eGLnfP KKPV3h 8Mfb_X58tSuFCMd6yOB9xJYbKF8q4w==-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/n4WXI2BvWfHm5awwaUcNlJUPIhI3mIYxRogXRCw22C02QyKbbWDy9wosOdpAeVYI78zoht6LZ22d38jxWt8ucfHc24K_nBts4MnQUYJTjlBSTAETu18taGPnLkHX5g_oWH5d0cdtstpVlksn9cbXSnBBfQUfVw==-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/MQuhIjYApmGBisyk04gyvTDcIrIKWi6UL0_wgUP397y4K4g PuSolQUxgyqcbCjxjr74Fgt1FXMZ2X26Y dxrw9ksjUOgeXnNFqhh3XqHQcF5akmT0SGRv5I9uwFopPk4CY3ff1GzneLpAhozPvjduOBKCKQ9aU6dLCn_uC9Ic8WHJyFqbA=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

http://www.hostflashconcepts.com/3SLzHRuOLFgm4xO1VpOYWytu2aZZzl_YlOox2HcohAAzOhLAMyww6u 9o8ulKCfeYMf9 nJixZEqnh05HuMUM0uWQHjw0k5JXwnhmcXwLes5I5oKKyhE38RJ3F9VVhM17hTkNimJQCEd8GIRvILLBe1oKlq4Zn7WD9AXKNubjQmiRWsgq5s=-GzIAAAR0Y7H94TEvGARBgw44BuydRBYGG2NnCVKN_MYYvwVlZqfYt 5J1OPEAw==

Latest 30 of 253 download URLs

Remove mp3rocket_setup.exe - Powered by Reason Core Security